catch a macro virus
By unknown

So, you wanna catch a macro virus? Here, I'll show you a simple method of how to catch a macro virus and obtain the source code. After all, with sooo many macro viruses out there, it's pretty exciting if we get to catch one, even the unknown and undetected ones. This trick works on Word 97. I'm not sure if it works on Word 2000 coz I've never tested it on Word 2000. Also, don't bother trying it on Word XP/2002 coz it won't work.

First things first, what you'll need: an infected document (*.doc) and MS Word 97.

 

Getting started:

Make sure that you turn off any AV software coz it'll interfere with our tasks.

Also, before doing anything, ensure that the Macro Virus Protection feature in Word 97 is on (activated). This is extremely important, as we'll see later.

First, open the infected document by double-clicking it. This is where the Macro Virus Protection feature kicks in. If you have it disabled, our virulent macros will be activated and taa taa.......you've activated the virus and infected your Word environment. So, once again, I stress that you TURN ON the macro virus protection feature in Word 97.

Next, when the alert warning pops up, select Disable Macros. This prevents all macros in the document from running and opens the document in ReadOnly mode. Don't worry.....of course the viral code won't be activated, since you've disabled all macros.

After that's done and the document is open, go to Tools-Macro-Visual Basic Editor. This launches the VB IDE. Double-click ThisDocument.

And surprise.......you'll get to see the entire VBA code of the virus. If ThisDocument is empty, look for any module in the project explorer window. This should give you the viral code of the doc. Also, if there are any forms, you can view them too. There goes....my tutorial on catching a macro virus. This method works even with unknown and undetected macro viruses.

 

Additional Tips & Tricks:

- To find out whether your Word environment is infected by a macro virus, look for the Normal.dot file on your hard disk. Note its size. The normal size is 26k-27k (for Word 97). If the file size is within this range, it's not infected. However, if it's way above this range, for example 40K or 50K, then there's a BIG possibility that it's infected.

- Also, when you get a large Normal.dot file, try viewing it in Notepad or a Hex Editor. There's a chance that you could uncover viral code traces in clear text
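
The two Normal.dot tips above, combined into one triage script. This is an added example, not part of the original tutorial. The keyword list, the function names and the sample byte strings are assumptions constructed for illustration; the 26-27 KB baseline and the 40 KB figure come from the tip above.

```python
import re
import sys
from pathlib import Path

# From the article: a clean Word 97 Normal.dot is about 26-27 KB, and
# 40 KB or more is its example of a size that suggests infection.
BASELINE_KB = 27
SUSPICIOUS_KB = 40

# Assumed keyword list (not from the article): Word auto-macro names,
# document event handlers and template/VBA project references.
KEYWORDS = ("AutoOpen", "AutoClose", "AutoExec", "AutoNew", "Document_Open",
            "Document_Close", "NormalTemplate", "VBProject", "OrganizerCopy")


def printable_strings(data, min_len=6):
    """Return runs of printable ASCII, like the text pane of a hex editor."""
    return [m.decode("ascii") for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def triage(data):
    """Apply both tips to the raw bytes of a Normal.dot file."""
    size_kb = len(data) / 1024
    strings = printable_strings(data)
    hits = sorted({kw for kw in KEYWORDS
                   for s in strings if kw.lower() in s.lower()})
    if size_kb >= SUSPICIOUS_KB:
        size_verdict = "well above baseline"
    elif size_kb > BASELINE_KB:
        size_verdict = "above baseline"
    else:
        size_verdict = "within baseline"
    return {"size_kb": round(size_kb, 1), "size_verdict": size_verdict,
            "keyword_hits": hits}


# Constructed sample inputs (not real templates): zero padding stands in for
# the binary parts of the file, with a few readable strings embedded.
CLEAN_SAMPLE = b"\x00" * (26 * 1024) + b"Normal.dot template"
INFECTED_SAMPLE = (b"\x00" * (45 * 1024)
                   + b"Sub AutoOpen()\x00\x01NormalTemplate.VBProject\x00"
                   + b"Application.OrganizerCopy Source")

if __name__ == "__main__":
    # Pass a path to triage a real file; otherwise use the infected sample.
    data = Path(sys.argv[1]).read_bytes() if len(sys.argv) > 1 else INFECTED_SAMPLE
    print(triage(data))
```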